General Information

The Elastic Container Registry credential helper allows you to run docker pull/push commands without needing to login to an ECR from an EC2 instance.

Pre-reqs

• Role: The role attached to your ec2 instance requires appropriate access to the ECR.
• AMI: Amazon Linux 2

• Enable the Amazon Linux Extras Docker Repo

  amazon-linux-extras enable docker

• Install

  yum install amazon-ecr-credential-helper

• Create docker dir for ECR credential helper

  mkdir ~/.docker

• Create the credential helper config file

  vim ~/.docker/config.json
   
  {
          "credsStore": "ecr-login"
  }

These tasks can be included in an Ansible role/playbook

- name: Enable the Amazon Linux Extras Docker Repo
  command: "amazon-linux-extras enable docker"
  
- name: Install Amazon ECR Credential Helper
  yum:
    lock_timeout: 180
    name: "amazon-ecr-credential-helper"
    state: present
	
- name: Create docker dir for ECR credential helper
  file:
    path: "/home/ec2-user/.docker"
    state: directory
    owner: ec2-user
    group: ec2-user
    mode: 0700

- name: Deploy config.json for ECR credential helper
  copy:
    src: "docker-ecr-cred-helper-config.json"
    dest: "/home/ec2-user/.docker/config.json"
    owner: ec2-user
    group: ec2-user
    mode: 0600

Credential Helper File contents(docker-ecr-cred-helper-config.json)

{
        "credsStore": "ecr-login"
}